From c098081c7d2168eb88a16245c2f74b711aff916f Mon Sep 17 00:00:00 2001 From: Edd Robinson Date: Tue, 14 Nov 2017 11:52:19 +0000 Subject: [PATCH] Don't initialise a new Authorizer each query --- query/query_executor.go | 18 +++++++++++------- services/httpd/handler.go | 4 ++-- services/storage/series_cursor.go | 2 +- 3 files changed, 14 insertions(+), 10 deletions(-) diff --git a/query/query_executor.go b/query/query_executor.go index 36a36fd871..885566a260 100644 --- a/query/query_executor.go +++ b/query/query_executor.go @@ -68,7 +68,7 @@ func ErrMaxConcurrentQueriesLimitExceeded(n, limit int) error { return fmt.Errorf("max-concurrent-queries limit exceeded(%d, %d)", n, limit) } -// Authorizer reports whether certain operations are authorized. +// Authorizer determines if certain operations are authorized. type Authorizer interface { // AuthorizeDatabase indicates whether the given Privilege is authorized on the database with the given name. AuthorizeDatabase(p influxql.Privilege, name string) bool @@ -85,22 +85,26 @@ type Authorizer interface { // OpenAuthorizer is the Authorizer used when authorization is disabled. // It allows all operations. -type OpenAuthorizer struct{} +type openAuthorizer struct{} -var _ Authorizer = OpenAuthorizer{} +// OpenAuthorizer can be shared by all goroutines. +var OpenAuthorizer = openAuthorizer{} // AuthorizeDatabase returns true to allow any operation on a database. -func (_ OpenAuthorizer) AuthorizeDatabase(influxql.Privilege, string) bool { return true } +func (a openAuthorizer) AuthorizeDatabase(influxql.Privilege, string) bool { return true } -func (_ OpenAuthorizer) AuthorizeSeriesRead(database string, measurement []byte, tags models.Tags) bool { +// AuthorizeSeriesRead allows accesss to any series. +func (a openAuthorizer) AuthorizeSeriesRead(database string, measurement []byte, tags models.Tags) bool { return true } -func (_ OpenAuthorizer) AuthorizeSeriesWrite(database string, measurement []byte, tags models.Tags) bool { +// AuthorizeSeriesWrite allows accesss to any series. +func (a openAuthorizer) AuthorizeSeriesWrite(database string, measurement []byte, tags models.Tags) bool { return true } -func (_ OpenAuthorizer) AuthorizeQuery(_ string, _ *influxql.Query) error { return nil } +// AuthorizeSeriesRead allows any query to execute. +func (a openAuthorizer) AuthorizeQuery(_ string, _ *influxql.Query) error { return nil } // ExecutionOptions contains the options for executing a query. type ExecutionOptions struct { diff --git a/services/httpd/handler.go b/services/httpd/handler.go index 95398ed394..a842643d0a 100644 --- a/services/httpd/handler.go +++ b/services/httpd/handler.go @@ -418,7 +418,7 @@ func (h *Handler) serveQuery(w http.ResponseWriter, r *http.Request, user meta.U opts.Authorizer = user } else { // Auth is disabled, so allow everything. - opts.Authorizer = query.OpenAuthorizer{} + opts.Authorizer = query.OpenAuthorizer } // Make sure if the client disconnects we signal the query to abort @@ -960,7 +960,7 @@ func (h *Handler) servePromRead(w http.ResponseWriter, r *http.Request, user met opts.Authorizer = user } else { // Auth is disabled, so allow everything. - opts.Authorizer = query.OpenAuthorizer{} + opts.Authorizer = query.OpenAuthorizer } // Make sure if the client disconnects we signal the query to abort diff --git a/services/storage/series_cursor.go b/services/storage/series_cursor.go index 18d6446bcc..7ff6014970 100644 --- a/services/storage/series_cursor.go +++ b/services/storage/series_cursor.go @@ -55,7 +55,7 @@ type indexSeriesCursor struct { func newIndexSeriesCursor(ctx context.Context, req *ReadRequest, shards []*tsdb.Shard) (*indexSeriesCursor, error) { opt := query.IteratorOptions{ Aux: []influxql.VarRef{{Val: "key"}}, - Authorizer: query.OpenAuthorizer{}, + Authorizer: query.OpenAuthorizer, Ordered: true, } p := &indexSeriesCursor{row: seriesRow{shards: shards}}